China syndrome

China may have back door into U.S. military computer networks

Published 23 April 2008

A technological sleeper cell: The Chinese have manufactured counterfeit Cisco routers and switches and offered them at exceedingly low prices; U.S. vendors upgrading or replacing U.S. government IT systems used these counterfeit devices — and the FBI and other government agencies are now worried that the gear offers the Chinese undetectable back doors into highly secure government and military computer systems; the FBI investigates

We have written about the massive industrial espionage campaign by the Chinese intelligence services; we have also written about persistent attempts by China’s intelligence services, but also by Chinese hackers — whether or not they are operatives of the Chinese government is not yet clear — to penetrate networks in the United States which carry sensitive military information. It is reported that the FBI is now investigating whether the Chinese government or Chinese hackers (or both) have had the benefit of undetectable back doors into highly secure government and military computer networks for months, perhaps years. The cause for the worry and for the investigation: a high number of counterfeit Cisco routers and switches installed in many government networks which have been upgraded or replaced with new units within the past eighteen months (see also stories in ChinaTechNews and slashdot). U.S. government agencies have been trying to avoid such security problems by using only higher-end Cisco partners/suppliers for the gear, but the competitive lowest-bid environment of government procurement has inspired several vendors to look for cheap alternatives for hardware — and when you look for cheap alternatives you go to China — with the resulting massive and serious breach of security.

Blogger mister.old.school writes that a few weeks ago his sources provided him with information on a scathing investigation summary by the FBI. These sources indicated that a critical PowerPoint document has been quietly circulating after a few internal presentations. The document has been labeled unclassified, but it is an official FBI publication and has been hard to track down. mister.old.school has been able to track down an online source for the document, and it is available on his blog (note that the ATS upload would not allow a PPT file). The document shows that the FBI is concerned about critical infrastructure damage and the potential of access to secure government systems. Many online IT circles have been speculating that the counterfeit hardware will provide backdoor capabilities and access into compromised networks for the originators of the equipment. In fact, there are those who speculate that the counterfeit Cisco equipment has been manufactured expressly to deploy exploitable systems. The argument goes that the likely wholesale price of the counterfeit routers and switches is so low, and the profit margins so thin, that the only real advantage may be gained from downstream system exploits in the future. We may call it a technological sleeper cell.